Privacy Policy
⚠️ DRAFT — engineering-authored placeholder reflecting the actual data flows; MUST be reviewed and finalized by legal counsel before publish. Not legal advice.
This draft was written by the engineering team so that the descriptions of what the system actually does (what we collect, where it goes, how it's deleted) are factually correct. Counsel should edit the framing and add the binding legal language — the data flows below are grounded in the real design (docs/design/analytics-consent.md, api-design.md, email.md, conversion.md, deployment.md).
Effective date: [PLACEHOLDER: effective date] Last updated: [PLACEHOLDER: last-updated date]
1. Who we are
This site, mattoxengineering.com, is operated by [PLACEHOLDER: legal entity name] ("Mattox Engineering", "we", "us"), a US-based managed-services and DevOps consultancy.
- Registered address: [PLACEHOLDER: registered postal address]
- Privacy contact: [PLACEHOLDER: privacy contact email — e.g. privacy@mattoxengineering.com]
- General contact: hello@mattoxengineering.com
For the purposes of the EU/UK GDPR, Mattox Engineering is the data controller for the personal data described here. [PLACEHOLDER: EU/UK representative under GDPR Art. 27, if one is required — counsel to determine.]
2. What we collect
2.1 Lead / assessment form data
When you submit a contact or free-assessment request, respond to an exit-intent or scroll popup that captures an email, or hand your details to our chat widget, we collect what you provide. In practice this is:
- Name
- Work email
- Company (optional)
- Role (optional)
- Phone (optional)
- The pain / "what's slowing you down" and any free-text message you write
- A chat quick-reply you selected (e.g. "Slow deployments", "Too many incidents", "Need AI coding help"), if you came through chat
- Your chat conversation: if you use the chat widget, the messages you send and the transcript of that conversation (including any email or free-text you type into it) are stored so we can follow up. Grounded in the ChatConversation / ChatMessage models (api-design.md §2.2).
- Attribution metadata attached automatically to your submission: the page you submitted from, your referrer (host only), UTM campaign parameters, and the plan you were looking at if you came from pricing.
Grounded in the Lead model and its validated attribution field (api-design.md §2.2, §3.2). We do not ask for, and do not want, special-category data; please do not put sensitive personal information in the free-text fields.
2.2 Newsletter email
If you subscribe to our newsletter ("Engineering Notes"), we collect your email address. Subscription is double opt-in: we email you a confirmation link and you are only added to the list once you click it. The confirmation timestamp is our record of your consent (api-design.md §3.2; email.md §5.2).
2.3 Analytics (only if you consent)
We run analytics with PostHog, which we self-host on our own infrastructure (posthog.support.tools). Analytics is off until you opt in via the cookie banner — before consent, no analytics cookie is set and no analytics data is sent (analytics-consent.md §1.5, §4.2).
If you opt in, we collect:
- Page views and product events (e.g. CTA clicks, form starts, popup views)
- A pseudonymous analytics ID (a random identifier, not your name or email)
- Device / browser information and approximate Core Web Vitals performance data
- Your IP address as seen by the analytics system
We do not put your raw email, name, phone, or company into analytics. Where an email needs to be referenced for analytics, it is stored only as a one-way SHA-256 hash (analytics-consent.md §1.4). A hash of this kind is a pseudonymous identifier rather than anonymous data (the same email always produces the same hash, so it can still be linked back to you by anyone who already holds your address), so we treat it as personal data covered by the same consent. Because PostHog is self-hosted on infrastructure we control, this analytics data is not shared with a third-party analytics company and is not sold.
2.4 Operational / server data
To run the site securely we process:
- Server and edge logs, including IP addresses, used for security, abuse prevention, and rate-limiting. The IP is read from Cloudflare's CF-Connecting-IP / X-Forwarded-For headers by our request middleware (api-design.md realip.go). These headers are set by Cloudflare at the edge and are only meaningful for requests that arrive through it. [PLACEHOLDER: engineering to confirm that realip.go honours these headers only for connections from Cloudflare's edge ranges; a request that reaches the origin directly could otherwise supply its own header value and misattribute the logged IP or evade rate-limiting.]
- Strictly-necessary cookies for the admin area (session, CSRF) and the cookie used to record your consent choice. See the Cookie Policy.
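For counsel's and engineering's reference, the following is an added illustration of the trust rule the server-log IP extraction described above should follow; it is not the project's realip.go and is not part of the policy text. It assumes a list of trusted edge CIDRs (the ranges shown are constructed stand-ins, not Cloudflare's published ranges, which would be used in a real deployment) and honours CF-Connecting-IP / X-Forwarded-For only when the TCP peer is one of those edges; a direct connection to the origin has its headers ignored, because any client can set them.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// trustedProxies are the CIDRs from which proxy headers are accepted.
// Constructed stand-ins for illustration only; a real deployment would load
// Cloudflare's published IPv4/IPv6 ranges here.
var trustedProxies = mustParseCIDRs([]string{
	"203.0.113.0/24",   // constructed: stand-in for an edge IPv4 range
	"2001:db8:cf::/48", // constructed: stand-in for an edge IPv6 range
})

func mustParseCIDRs(cidrs []string) []*net.IPNet {
	out := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

func isTrustedProxy(ip net.IP) bool {
	for _, n := range trustedProxies {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP returns the address to log and rate-limit on. Proxy headers are
// honoured only when the TCP peer (remoteAddr) is a trusted edge; otherwise
// the peer address itself is returned and the headers are ignored.
// Returns nil if the peer address cannot be parsed.
func ClientIP(remoteAddr, cfConnectingIP, xForwardedFor string) net.IP {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // no port present
	}
	peer := net.ParseIP(host)
	if peer == nil {
		return nil
	}
	if !isTrustedProxy(peer) {
		return peer
	}
	// Edge-set header carrying the connecting client's address.
	if ip := net.ParseIP(strings.TrimSpace(cfConnectingIP)); ip != nil {
		return ip
	}
	// X-Forwarded-For is "client, proxy1, proxy2, ...". Proxies append to it,
	// so the leftmost entry can be client-supplied; walk from the right and
	// take the first address that is not one of our trusted proxies.
	if xForwardedFor != "" {
		parts := strings.Split(xForwardedFor, ",")
		for i := len(parts) - 1; i >= 0; i-- {
			ip := net.ParseIP(strings.TrimSpace(parts[i]))
			if ip == nil {
				break // malformed entry: trust nothing to its left
			}
			if !isTrustedProxy(ip) {
				return ip
			}
		}
	}
	return peer
}

// ClientIPFromRequest is the form a request middleware would call.
func ClientIPFromRequest(r *http.Request) net.IP {
	return ClientIP(r.RemoteAddr, r.Header.Get("CF-Connecting-IP"), r.Header.Get("X-Forwarded-For"))
}

func main() {
	// Via the edge: the header is honoured.
	fmt.Println(ClientIP("203.0.113.10:443", "198.51.100.7", ""))
	// Direct hit on the origin with a spoofed header: the header is ignored.
	fmt.Println(ClientIP("192.0.2.55:51234", "198.51.100.7", "10.0.0.1"))
}
```

The same property is normally enforced a second time at the network layer by only allowing the origin to accept connections from the edge ranges, so that the header check is not the sole control.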
3. How we use it, and our legal basis (GDPR Art. 6)
| What we do | Why | Lawful basis (GDPR) |
|---|---|---|
| Respond to your assessment / contact request, follow up about your enquiry | You asked us to evaluate your situation | Legitimate interest (responding to an inbound business enquiry) and/or consent |
| Send you the newsletter | You opted in (double opt-in) | Consent (the confirmation click is the record) |
| Run analytics (PostHog) | Understand and improve the site | Consent (the cookie banner) |
| Keep server/edge logs, rate-limit, prevent abuse | Security and reliability | Legitimate interest |
We do not use your data for automated decision-making that produces legal effects, and we do not use it for third-party advertising.
4. Who processes data for us (processors / sub-processors)
We use a small set of service providers. We do not sell personal data.
| Processor | What it does | Notes |
|---|---|---|
| Cloudflare | DNS, CDN, WAF, TLS termination, edge caching | Sees request metadata and IPs at the edge (deployment.md) |
| AWS SES (Amazon Simple Email Service) | Sends our transactional + newsletter lifecycle mail — new-lead notifications, the double-opt-in confirmation, the welcome email, unsubscribe receipts, and any newsletter issues | Email provider (decided 2026-06-08, email.md §4.3). Amazon Web Services is the sub-processor; email content includes the recipient address and message body. [PLACEHOLDER: if a separate campaign/ESP tool is ever used for newsletter blasts, list it here before launch.] |
| Cloudflare R2 | Object storage for images/media uploaded by our admins | Admin-uploaded media only — no visitor PII is stored here (api-design.md §2.2 uploads) |
| Self-hosted PostHog | Product analytics (consent-gated) | Self-operated on our own infrastructure at posthog.support.tools — not a third-party analytics processor, and not a sale of data (analytics-consent.md §1.1) |
[PLACEHOLDER: confirm whether any other sub-processors (e.g. hosting provider, Google Workspace for human mailboxes) should be listed; counsel to finalize the sub-processor inventory and ensure DPAs are in place.]
5. How long we keep it (retention)
- Lead / assessment data: kept for the duration of the sales lifecycle (the lead moves through our pipeline: new → contacted → qualified → proposal → won/lost). On an erasure request, or once a lead is no longer needed, the record is anonymized: we null out name, email, phone, company, message, and attribution, and scrub any linked chat transcript, while keeping a non-identifying aggregate row (status, source, timestamps) for reporting. This is the DELETE /api/admin/leads/{id} soft-delete + anonymize flow (api-design.md §3.5; analytics-consent.md §5.1). Default retention for inactive leads: [PLACEHOLDER: retention window — e.g. 24 months — owner/counsel to set].
- Newsletter subscribers: kept until you unsubscribe. If you ask to be forgotten (unsubscribe with "forget"), the subscriber record is hard-deleted (api-design.md §3.2).
- Analytics: retained per our self-hosted PostHog project retention settings [PLACEHOLDER: state the concrete analytics retention period].
- Server / edge logs: retained for a short operational window [PLACEHOLDER: log retention period].
6. Your rights
Depending on where you live (including under the EU/UK GDPR and the California CCPA/CPRA), you have rights over your personal data:
- Access: request a copy of the data we hold about you. (For leads we can export your record; the api-design.md §3.5 lead CSV export supports data-subject access.)
- Deletion / erasure: ask us to delete your data. For leads this triggers the anonymize flow described in §5; for newsletter subscribers this is a hard delete.
- Correction / rectification: ask us to fix inaccurate data.
- Opt-out: withdraw analytics consent at any time via the "Cookie settings" link in the footer, and unsubscribe from the newsletter at any time via the link in every newsletter email.
- Restriction, portability, and objection (where the GDPR provides them).
California (CCPA/CPRA): we do not sell or share your personal information as those terms are defined under California law, and we do not process it for cross-context behavioral advertising. You may still exercise your access, deletion, and correction rights, and you will not be discriminated against for doing so.
To exercise any right, email [PLACEHOLDER: privacy contact email]. EU/UK users also have the right to complain to their local data protection supervisory authority.
7. International data transfers
We are US-based, and some of our processors (e.g. AWS SES, and our self-hosted PostHog depending on its hosting region) may process data in the United States. If you are in the EU/UK and your data is transferred to the US, that transfer relies on [PLACEHOLDER: transfer mechanism — Standard Contractual Clauses and/or the EU-US Data Privacy Framework, as applicable; counsel to confirm per processor].
Note: our self-hosted PostHog region is fixed at deploy time and determines where analytics data lands (analytics-consent.md §1.6) — [PLACEHOLDER: state the PostHog region (US/EU) once confirmed].
8. Cookies
We use a small number of cookies and similar storage. Strictly-necessary cookies always run; analytics cookies run only with your consent. See the full Cookie Policy.
9. Children
This is a business-to-business site directed at engineering and IT professionals. It is not directed at children, and we do not knowingly collect personal data from anyone under [PLACEHOLDER: applicable age — e.g. 16 in the EU / 13 in the US].
10. Changes to this policy
We may update this policy. We will revise the "last updated" date above, and for material changes (such as adding a new processor or a new cookie category) we will re-prompt for cookie consent by bumping the consent version (analytics-consent.md §4.4).
11. Contact
Questions about this policy or your data: [PLACEHOLDER: privacy contact email] or hello@mattoxengineering.com. Postal: [PLACEHOLDER: registered postal address].